Total: 11002 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32203 | | | 2026-04-17 | N/A | 7.5 HIGH |
| Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2026-26143 | | | 2026-04-17 | N/A | 7.8 HIGH |
| Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2026-33116 | | | 2026-04-17 | N/A | 7.5 HIGH |
| Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2026-32168 | | | 2026-04-17 | N/A | 7.8 HIGH |
| Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-34197 | 1 Apache | 2 Activemq, Activemq Broker | 2026-04-16 | N/A | 8.8 HIGH |
| Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue. | |||||
| CVE-2026-29133 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 9.1 CRITICAL |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | |||||
| CVE-2026-29135 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | |||||
| CVE-2026-29137 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | |||||
| CVE-2026-29144 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | |||||
| CVE-2026-29141 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | |||||
| CVE-2026-29143 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 9.1 CRITICAL |
| SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers. | |||||
| CVE-2026-34980 | 1 Openprinting | 1 Cups | 2026-04-16 | N/A | 7.5 HIGH |
| OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches. | |||||
| CVE-2026-34525 | 1 Aiohttp | 1 Aiohttp | 2026-04-16 | N/A | 5.3 MEDIUM |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4. | |||||
| CVE-2026-4519 | 1 Python | 1 Python | 2026-04-16 | N/A | 3.3 LOW |
| The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open(). | |||||
| CVE-2026-27282 | 1 Adobe | 1 Coldfusion | 2026-04-16 | N/A | 7.5 HIGH |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. | |||||
| CVE-2026-27304 | 1 Adobe | 1 Coldfusion | 2026-04-16 | N/A | 9.3 CRITICAL |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-27306 | 1 Adobe | 1 Coldfusion | 2026-04-16 | N/A | 8.4 HIGH |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2003-1471 | 1 Alt-n | 1 Mdaemon | 2026-04-16 | 6.3 MEDIUM | N/A |
| MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. | |||||
| CVE-2004-1125 | 3 Easy Software Products, Kde, Xpdf | 3 Cups, Kde, Xpdf | 2026-04-16 | 9.3 HIGH | N/A |
| Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | |||||
| CVE-2001-0748 | 1 Acme Labs | 1 Acme Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI. | |||||
